Qualys Cloud Agent - question on vuln scan

In the qualys agent module, I see often that "Discovery scan completed few seconds ago" messages . is there a place where i can see when the full scan ran and the vulnerabilities that are listed are part of that scan from that console? or do i have run a separate report to see whether to find the detected date?

Thanks for your question! The Agent does not perform "scans" in the traditional sense. It works by gathering an initial manifest based on the modules and options you select (e.g. asset only, VM, PC) and once that initial manifest is collected, it simply sends deltas to the cloud platform for evaluation based on when the machines changes state. To you point, if you'd like to see more detail as to the vulnerabilities and when they were detected etc, you can use the same tools and processes available in VM. For this case you can perform and asset search and look at the "first detected" and "last detected" fields in the VM module. Or better still view this data it in our upcoming AssetView Service via custom queries and dashboards (free) - Qualys AssetView | Asset Inventory Service | Qualys, Inc.

Can you tell how big is the snapshot the agent initially sends back to Qualys after initial installation? I have a site with a that struggles with bandwidth and want to be sure I don't overwhelm it after deploying to the 50+ workstations there

The Agent may create different manifests (the snapshot) based on a discovery scan, vulnerability scan (VM) or Compliance Scan (PC). By default all agents are configured to download one discovery file which happens first on install and allows for the agent to register and report back to the Qualys Portal. This initial manifest file is around 14K - 2.5 MB in size. A fully baked manifest file (VM/Policy data) may be as large as 20-30 MB but this file is uploaded to the cloud in fragments, set to 3MB, and then that fragment is split into smaller 1MB chunks to minimize any performance issues.

We commonly have customers roll out the agent to entire subnets across thousands of hosts with no performance or bandwidth issues whatsoever.